Re: OpenSSL disables TLS 1.0 and 1.1
- Date: Fri, 11 Aug 2017 16:11:16 +0200
- From: Kurt Roeckx <kurt@xxxxxxxxx>
On Fri, Aug 11, 2017 at 01:34:53PM +0200, Sven Hartge wrote:
> Marco d'Itri <md@xxxxxxxx> wrote:
> > On Aug 09, Sven Hartge <sven@xxxxxxxxxxxxx> wrote:
> >> Looking at https://developer.android.com/about/dashboards/index.html
> >> there is still a market share of ~25% of smartphones based on Android
> >> 5.0 and 5.1 and 16% based on 4.4. So this change would (at the
> >> moment) block ~40% of Android smartphones from connecting to any WLAN
> >> using PEAP or TTLS.
> > Android 5.x should support TLS 1.2:
> > http://caniuse.com/#search=TLS
> The browser, yes. But not the components doing the WPA stuff:
> | Aug 9 20:09:13 ds9 radiusd: (12924) Login incorrect (eap_ttls: TLS Alert write:fatal:protocol version): [owehxperia] (from client ap01 port 54 cli 30-39-26-xx-xx-xx)
> | Aug 9 20:09:24 ds9 radiusd: (12928) eap_ttls: ERROR: TLS Alert write:fatal:protocol version
> | Aug 9 20:09:24 ds9 radiusd: tls: TLS_accept: Error in error
> Only recompiling openssl with TLS1.0 and TLS1.1 enabled allowed my phone
> to connect successfully.
Any idea if this actually works with newer Android phones?
Could someone report this to Google? I consider everything broken
by this a security issue and hope that Google will fix it in all
releases they still support.
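
An added example, not part of the original message and not FreeRADIUS code: a Python triage script for the `Login incorrect (... TLS Alert write:fatal:protocol version)` line format quoted above. It groups affected supplicants by MAC address so the impact of disabling TLS 1.0/1.1 can be sized from existing radiusd logs. The function name `protocol_version_failures` and the sample lines marked as constructed are assumptions.

```python
import re
from collections import defaultdict

# Matches the "Login incorrect" line format quoted in the thread.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+radiusd:\s+\((?P<req>\d+)\)\s+"
    r"Login incorrect \((?P<module>eap_\w+): TLS Alert (?P<dir>read|write):"
    r"(?P<level>\w+):(?P<desc>[^)]+)\):\s+\[(?P<user>[^\]]*)\]\s+"
    r"\(from client (?P<nas>\S+) port \d+ cli (?P<mac>[^)\s]+)\)"
)

# The first three lines are the ones quoted in the thread; the last two are
# constructed for this example (a second affected client, and an unrelated alert).
SAMPLE_LOG = """\
Aug 9 20:09:13 ds9 radiusd: (12924) Login incorrect (eap_ttls: TLS Alert write:fatal:protocol version): [owehxperia] (from client ap01 port 54 cli 30-39-26-xx-xx-xx)
Aug 9 20:09:24 ds9 radiusd: (12928) eap_ttls: ERROR: TLS Alert write:fatal:protocol version
Aug 9 20:09:24 ds9 radiusd: tls: TLS_accept: Error in error
Aug 9 20:10:02 ds9 radiusd: (12931) Login incorrect (eap_peap: TLS Alert write:fatal:protocol version): [user2] (from client ap02 port 7 cli 02-00-00-00-00-01)
Aug 9 20:10:40 ds9 radiusd: (12940) Login incorrect (eap_ttls: TLS Alert read:fatal:unknown CA): [user3] (from client ap01 port 9 cli 02-00-00-00-00-02)
"""


def protocol_version_failures(log_text):
    """Group logins rejected with a server-sent 'protocol version' alert by MAC.

    'write' means the RADIUS server sent the alert, i.e. the supplicant
    offered a TLS version the server's OpenSSL build refuses.
    """
    hits = defaultdict(lambda: {"users": set(), "nas": set(),
                                "modules": set(), "count": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines without user/MAC context cannot be attributed
        if m["dir"] != "write" or m["desc"].strip() != "protocol version":
            continue  # other alerts (bad CA, etc.) are a different problem
        entry = hits[m["mac"].lower()]
        entry["users"].add(m["user"])
        entry["nas"].add(m["nas"])
        entry["modules"].add(m["module"])
        entry["count"] += 1
    return dict(hits)


if __name__ == "__main__":
    for mac, info in sorted(protocol_version_failures(SAMPLE_LOG).items()):
        print(mac, info["count"], sorted(info["users"]), sorted(info["nas"]))
```
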